cancel
Showing results for 
Search instead for 
Did you mean: 

password issues with sso to win2k8 after password change

Highlighted
Super Contributor

password issues with sso to win2k8 after password change

I just configured my sa-2000 (6.3r3 build 13881) to allow passwords to be changed via LDAPS to a windows 2008 AD.   I successfully exported the CA from the Windows 2008 AD and loaded it into the sa-2000, and logged in vi https://sslvpn.domain.com/testing

I then clicked on the Preferences button and then the General Tab.

I was successfully able to change my password.

I then clicked on the Home button, and clicked on a terminal services link w/SSO.  I connected to the server (which is my AD), but it game me the error "The username or password is incorrect".  I waited 5 minutes (the replication time) even though I have only a single AD in this domain, but it still gives me the same error.    If I log out and back into the sa-2000 (using the new password, of course), SSO works fine.    Is this a feature? If so, can someone point me to the document/page that describes it?

If this is Functions-as-designed, I simply need to know that in order to inform my users.

Thanks

stine

My configuration is as follows:

client Windows XP SP3 (patched through 3/12) w/ firefox 3.0.6

SA-2000 w/ 6.3r3 build 13881


the CA was exported from the AD and installed in the sa-2000.

authentication server:

name:                 LDAP-server

ldap server:        192.168.1.1

port:                    389

ldap server type: Active Directory

Connection:        unencrypted

timeout:               15

Search timeout:   60

authentication required to search ldap (checked)

admin dn:           cn=administrator,cn=users,dc=testing,dc=domain,dc=local

password:          ****************

finding users

base DN:            dc=testing,dc=domain,dc=local

Filter:                  samaccountname=<username>

Determining Group Membership

base DN:           dc=testing,dc=domain,dc=local

Filter:                 cn=<GROUPNAME>

member attrib:  memberOf

reverse group search (checked)

nested group leve: 10

nested group search: (search all nested groups)

 ------------------------------------------------------------------------------------------------

terminal services resource profile

name:                     domain controller

description:             test dc

host:                        192.168.1.1

server port:             3389

create an access control policy...(checked)

-------------------------------------------------------------------------------------------------

terminal services bookmark for above profile

type: Windows Terminal Services

name: domain controller

screen size: full-screen

color depth: 32bit (true color)

authentication: TESTING\<username>

variable password: <PASSWORD>

checked options:

connect local drives

connect com ports

connect smart cards

allow clipboard sharing

sound options (bring to this computer)

desktop background

menu and window animation

bitmap caching

desktop composition

show contents while dragging

themes

font smoothing

-------------------------------------------------------------------------------





Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)